Add Core Concepts
parent
29e8c3da7b
commit
5583b7b035
1 changed files with 8 additions and 0 deletions
8
Core-Concepts.md
Normal file
8
Core-Concepts.md
Normal file
|
|
@ -0,0 +1,8 @@
|
||||||
|
Before deployment, it's important to understand the two primary security patterns for granting the server permissions. The pattern you choose depends on where your server is hosted.
|
||||||
|
|
||||||
|
- **Pattern A: IAM Roles for EC2 (Recommended)**
|
||||||
|
This is the standard, most secure method for workloads running within AWS. An IAM Role is attached to the EC2 instance, which then automatically receives short-lived, temporary credentials from the EC2 metadata service. This completely avoids the need to store static access keys on the server.
|
||||||
|
|
||||||
|
- **Pattern B: IAM Users for External Servers**
|
||||||
|
For servers running outside of AWS (e.g., on-premises, other clouds), an IAM Role cannot be used. This pattern involves creating a dedicated IAM User with a narrowly scoped policy and long-lived static access keys (`AccessKeyId` and `SecretAccessKey`). This requires careful manual credential management.
|
||||||
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue